Mirrorles

Privacy Policy

Last updated: July 2, 2026

This Privacy Policy describes how Mirrorles ("we", "us", "our") collects, uses, and protects your information when you use our iOS application (the "App"). By using Mirrorles, you agree to the practices described here.

1. Information We Collect

1.1 Information You Provide

Account information. When you create an account, we collect:

If you sign in with Apple, we receive an identity token from Apple, which may include your email address and name. We do not receive your Apple ID password.

Photos you upload.

Wardrobe and outfit data. Metadata you provide about your items (name, category, favorites) and the outfits you generate.

Photo metadata (EXIF). Photos taken with a phone or camera typically include embedded metadata such as GPS coordinates, device model, and timestamps. We strip this metadata from your photos at the time of upload, before storing them on our servers. Location data from your photos is not retained.

Subscription and purchase records. If you subscribe to a paid tier through the App, your payment is processed by Apple. We do not receive or store your payment method, card number, billing address, or Apple ID password. From Apple's StoreKit receipt we record only: the Apple transaction ID and original transaction ID; the product identifier you purchased; the purchase date, the current period's expiration date, and any revocation date; the environment (sandbox or production); and whether the subscription is in a free-trial period and whether auto-renew is enabled. We use these records to grant and renew the credits associated with your subscription, to honor refunds reported by Apple, and to provide customer support. We do not use these records for advertising or marketing.

1.2 Information Collected Automatically

We do not use third-party analytics SDKs, advertising identifiers, or crash-reporting services that transmit data to third parties.

2. How We Use Your Information

We use your information to:

We do not use your photos or wardrobe data for advertising. We do not sell your personal information, and we do not sell or share your personal information for cross-context behavioral advertising.

3. How We Share Your Information

We use the following third-party processors. These are the only parties that receive your data outside of our systems.

3.1 Google Gemini (Google LLC)

3.2 FAL.ai

3.3 Apple (Sign-In Provider)

If you sign in with Apple, we receive an identity token from Apple containing your user ID and optionally your email and name. Your choice to use Sign in with Apple is governed by Apple's own privacy policy.

3.4 Apple (In-App Purchase Processor)

Subscriptions are sold through Apple's App Store and processed by Apple under its own privacy policy. Apple is the merchant of record for your transaction and is the data controller for your payment information. We receive only the receipt fields described in Section 1.1; we never see your card number, billing address, or Apple ID password. Subscription lifecycle events (renewals, refunds, cancellations) are delivered to us by Apple's App Store Server Notifications service so we can keep your entitlements in sync without you needing to open the App.

We do not share your personal information with advertisers, data brokers, or any party not listed above.

4. Data Retention

While your account is active:

When you delete your account:

Operational backups. Data may persist in encrypted operational backups for a limited recovery window (up to 30 days) before being cycled out. Backups are used only for disaster recovery.

5. Deleting Your Account and Data

You can delete your account at any time from within the App (Profile tab). See Section 4 for the full list of what is permanently deleted and what is retained in anonymized form.

Account deletion is irreversible. If you need a copy of your data before deletion, please email the address in Section 12. We will respond within 30 days.

6. Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

EU, UK, and EEA residents have rights under the GDPR. California residents have rights under the CCPA, including the right to know what personal information we collect, the right to delete it, and the right not to be discriminated against for exercising these rights. Residents of other US states with comparable privacy laws have the same rights under those laws.

To exercise any of these rights, email us at the address in Section 12.

7. International Data Transfers

Our servers are located in Germany, within the European Economic Area. Your account data and photos are stored and processed there.

Our third-party AI processors (Google Gemini, FAL.ai) may process data in the United States and other countries. When personal data is transferred from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses and the processors' own data processing agreements to provide appropriate safeguards.

8. Security

We protect your information with the following measures:

No system is perfectly secure. If we detect a breach that affects your personal data, we will notify you as required by applicable law. For users in the EU, UK, and EEA, we will notify the relevant supervisory authority within 72 hours of a confirmed breach that poses a risk to your rights, consistent with GDPR Article 33.

9. Children's Privacy

Mirrorles is not intended for children under 13. We do not knowingly collect personal information from anyone under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at the address in Section 12 and we will delete it.

If you are in the EU, UK, or a country that sets a higher age of digital consent (such as 16), please do not use the App unless you are above that age or have verifiable parental consent.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify you through the App or by email. Your continued use of the App after changes take effect constitutes acceptance of the revised policy.

11. Business Transfers

If Mirrorles is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, we will notify you through the App or by email before your personal data is transferred and becomes subject to a different privacy policy. The acquiring entity will be required to honor the commitments made in this policy for data transferred to it. You will have the option to delete your account before the transfer takes effect.

12. Contact Us

For privacy questions, data requests, or complaints, email us at:

Mirrorles Privacy
privacy@mirrorles.app